Suspected Iranian Hackers May Have Caused Rocket Sirens to Blare in Two Israeli Cities
Infosec community outraged over BSides Cleveland 'surprise' speaker, Paige Thompson found guilty over Capital One hacking charges, Int'l op disrupts RSocks malware botnet, much more
The Israel National Cyber Directorate (INCD) believes that suspected Iranian hackers may have been behind an incident that caused rocket sirens to go off in Jerusalem and Eilat.
Authorities instructed local councils to take preventative measures to secure their alert systems since they were activated by municipal alert systems and not by the Israel Defense Forces home front command. (Times of Israel)
Related: Arutz Sheva News, Cybertech, Cleveland Jewish News, JNS.org - Jewish News Syndicate, Haaretz, ynet - News, JewishPress.com, Jerusalem Post
German prosecutors issued an arrest warrant for Russian man Nikolaj Kozachek who they accuse of working for the Russian intelligence arm GRU to carry out a cyber-attack on computers in the Joint Air Power Competence Center, a NATO think tank, in Kalkar, North Rhine-Westphalia.
Investigators say that Kozachek worked for the Russian hacker unit APT28, also known as "Fancy Bear.” This unit is also held responsible for the attack on the IT system of the German Bundestag in spring 2015. (Florian Flade / Tagescchau)
Florian Flade @FlorianFlade
Die US-Justiz sucht schon seit Jahren nach Nikolay Kozachek. Jetzt hat auch @GBA_b_BGH einen Haftbefehl gegen den Russen erwirkt. Er soll als Hacker für den russischen Militärgeheimdienst #GRU arbeiten - und eine #NATO-Thinktank in #NRW ausspioniert haben. https://t.co/BSHA5257i5Kremlin spokesman Dmitry Peskov said that Russian President Vladimir Putin was forced to delay a highly anticipated speech at the St. Petersburg International Economic Forum after a DDoS attack disrupted the system handling access badges to the venue.
A person at the forum said audience members could enter the main hall without difficulty but noted that mobile internet access in the area appeared to be cut off. (Bloomberg News)
Related: The Register - Security, Egypt Independent, The Independent, Euractiv
The infosec community was outraged over the inclusion of social engineering expert Christopher Hadnagy as a “surprise” speaker at BSides Cleveland after DEFCON had banned him from its conference following multiple reports that he violated the event’s code of conduct in 2021.
While BSides Cleveland ultimately apologized for its poor “decision making,” the Security BSides organization promised to investigate the decisions that led to this outcome and work with the Cleveland organization on ways to avoid this situation in the future.
Related: Skytalks
BSidesCleveland @BSidesCleveland
We communicated with him between then and now, and when he felt like he might be at a point to get back to speaking, we added a Special Guest to the lineup. Two weeks ago Chris confirmed he would like to try to speak, and we neglected to remove the Special Guest on the lineup.
Paige Thompson, a former Amazon engineer accused of stealing more than 100,000 customers’ personal information from Capital One in one of the most significant breaches in the United States, was found guilty of wire fraud and hacking charges.
A Seattle jury found that Thompson violated an anti-hacking law known as the Computer Fraud and Abuse Act, which forbids access to a computer without authorization. The jury found her not guilty of identity theft and access device fraud. In addition to stealing the customers’ data, the Justice Department said she used her access to Capital One’s servers to mine cryptocurrency. (Kate Conger / New York Times)
Related: Yahoo, Latestly.com, BGR, Cyber Kendra, Fortune, Business Standard, Engadget, GeekWire Original, Engadget, The Verge, CNBC Technology
The U.S. Department of Justice said that an operation involving the FBI and police forces in Germany, the Netherlands, and the United Kingdom disrupted the Russian RSocks malware botnet used to hijack millions of computers, Android smartphones, and IoT devices worldwide for use as proxy servers.
FBI agents began mapping the RSocks infrastructure in an undercover operation where they purchased to access a large number of proxies in 2017. At that time, investigators identified 325,000 compromised devices, many located in the United States. RSocks allegedly compromised these devices by brute-forcing their passwords and installing software on the breached computers to turn them into proxy servers. (Bill Toulas / Bleeping Computer)
Related: Justice Department, NBC News Technology, CyberNews, Tech Monitor, ET news, Teiss, Der Spiegel, GovInfoSecurity.com, The Register - Security, The Hacker News
Leaked audio from more than 80 internal TikTok meetings shows that employees of China-based ByteDance have repeatedly accessed nonpublic data about U.S. TikTok users despite repeatedly promising that information gathered about users in the United States is stored in the United States.
The recordings, which range from small-group meetings with company leaders and consultants to policy all-hands presentations, contain 14 statements from nine different TikTok employees indicating that engineers in China had access to US data between September 2021 and January 2022. The vast majority of situations where China-based staff accessed US user data were in service of Project Texas's aim to halt this data access.
Project Texas is key to a contract that TikTok is currently negotiating with cloud services provider Oracle and CFIUS. Under the CFIUS agreement, TikTok would hold US users’ protected private information, like phone numbers and birthdays, exclusively at a data center managed by Oracle in Texas. (Emily Baker-White / Buzzfeed News)
Related: TechCrunch, Protocol, Washington Examiner, Engadget, Neowin, Gizchina, AFP, New York Post, Dot.la, Gizmodo, Barron’s, Adweek, Insider, Mashable, Wall Street Journal
Italian mobile security company Cleafy said that the threat actor behind the BRATA banking trojan has evolved its tactics and improved its malware with APT-life information-stealing capabilities.
The malware has been updated with new phishing techniques and classes to request additional permissions on the device. It also drops a second-stage payload from the command and control (C2) server. (Bill Toulas / Bleeping Computer)
Related: Cyberintel Magazine, Security Affairs, Security News | Tech Times, The Hacker News, Cleafy
Researchers at Wordfence report that over a million WordPress websites using a widely used plugin named Ninja Forms have been updated automatically to remediate a critical security vulnerability suspected of having been actively exploited in the wild.
According to Wordfence, the bug "made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized user-supplied content, resulting in Object Injection." (Ravie Lakshmanan / The Hacker News)
Related: Security Week, Help Net Security, Security Affairs
Network-attached storage (NAS) vendor QNAP warned customers to secure their devices against a new campaign of attacks pushing DeadBolt ransomware, urging them to update their devices to the latest firmware version and ensure they're not exposed to remote access over the Internet.
During attacks targeting QNAP NAS devices in late January that hit thousands of victims, DeadBolt ransomware hijacked the device's login page to display a screen stating, "WARNING: Your files have been locked by DeadBolt." (Sergiu Gatlan / Bleeping Computer)
Related: iTech Post, heise online News, QNAP
California man Hao Kuo Chi, accused of breaking into thousands of Apple iCloud accounts and stealing private photos and videos of nude young women, has been sentenced to nine years in federal prison.
The Justice Department said Chi operated for years on Anon-IB, a now-defunct website notorious for posting revenge porn. Chi hacked into the Apple iCloud accounts of victims across the United States in search of nude photographs and videos of young women, which he called “wins.” Using the online moniker “icloudripper4you,” he then shared and traded these images with persons he had met on Anon-IB. (Associated Press)
Related: Bleeping Computer, Hack Read, Justice.gov
The latest victim in a string of DeFi hacks is Inverse Finance, which suffered a fresh exploit worth $1.2 million.
This exploit follows an April hack of the protocol, which resulted in a loss of $15.6 million. In this latest incident, an attacker could get away with $1.2 million by exploiting a flash loan. Inverse temporarily paused borrowing following the exploit. (Kanav Jain / AMB Crypto)
Related: Inverse, Crypto Slate, Coindesk, Cointelegraph, The Register
In the largest class-action settlement in the Canadian financial sector, the Superior Court of Quebec has approved a nearly $200.9-million (around $155 million) settlement of a class-action lawsuit against Desjardins over a data breach.
The 2020 security incident compromised the data of 4.2 million people with active accounts. Class members may seek compensation for loss of time that is related to the personal information breach, as well as for identity theft. Class members who have not already registered for Equifax's credit monitoring service will also be able to do so for five years at Desjardins' cost and maintain the other protective measures implemented by Desjardins following the breach for at least five years. (The Canadian Press)
Related: Insurance Business
Create your profile
Only paid subscribers can comment on this post
Check your email
For your security, we need to re-authenticate you.
Click the link we sent to , or click here to sign in.